Some more info: ntp doesn't always crash at the same spot, but it's
almost always within glibc, in function prologues, at the instruction
that calls __i686.get_pc_thunk.bx. The stack pointer looks
reasonable, so I'd guess it's something wrong with the TLB handler.

I can confirm that whis bug exists in up2dated FC3. I think it can have
something in common with bug #151262 (duplicate or depend).
There's a workaround for this issue. If an ntpd is started with:
setarch i386 -L ntpd -u ntp:ntp -p /var/run/ntpd.pid
it doesn't crash.

Yet another workaround:
execstack -s /usr/sbin/ntpd
As I understand it, it alters the binary:
rpm -V ntp
..5...... /usr/sbin/ntpd
but the rest of the system is unaffected.
Also, you can undo the change with:
execstack -c /usr/sbin/ntpd
which restores the old binary (rpm -V won't report it as changed).
Thanks to Tomasz for reporting the workarounds (as you may guess, mine
is based on the info he provided, it's just a different way to disable
the exec-shield for ntpd).

I just tested the prelink connection:
I did a "prelink -uv" on the files that ntpd uses:
/lib/ld-linux.so.2
/lib/libcap.so.1
/lib/libcom_err.so.2
/lib/libcrypto.so.4
/lib/libdl.so.2
/lib/libresolv.so.2
/lib/tls/libc.so.6
/lib/tls/libm.so.6
/usr/lib/libgssapi_krb5.so.2
/usr/lib/libk5crypto.so.3
/usr/lib/libkrb5.so.3
/usr/lib/libz.so.1
/usr/sbin/ntpd
And I still get the same Segmentation fault.
The I did a "prelink -auv" and ntpd still Segfaults.